Last updated: [28th February, 2020]
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE PLATFORM
The capitalized words used in this Policy and not defined shall have the meaning given to such words in the Terms of Service.
- 1. Name and Contact Information
The FamPay mobile platform/website (“Platform”) is made available by Fampay Solutions Private Limited having its registered office at No. 7, 1st A Main, Sector 6, H.S.R Layout, Bengaluru (Bangalore) Urban, Karnataka, 560102. FamPay has entered into a co-branding agreement with IDFC FIRST Bank Ltd., a banking company incorporated under the laws of India, having its principal place of business/registered office at, 8th Floor, No. 1 Harrington Road, Chetpet, Chennai 600 031 and an office at Naman Chambers, C-32, G-Block, Bandra Kurla Complex, Bandra East, Mumbai 400 051 (“IDFC”, “Bank”), to issue pre-paid payment instruments (“Wallet(s)”) to you (which can you use through the Platform). This Policy is a binding agreement between you, IDFC and FamPay. Throughout this document, we use the terms “we”, “us” and “our” to refer to IDFC and FamPay and the terms “you” and “your” to refer to you, the user of the Platform.
- 2. What Data Do We Collect?
We collect the information and data you provide only to ensure that we can provide you our Services in the best manner possible. We wish to keep such collection and usage of data as transparent as possible. We have detailed the types of data we collect for your perusal below.
- A. In order to create and maintain the FamPay Account the following types of data is collected by FamPay and constitutes “FamPay Account Data”. FamPay will have the right to use the FamPay Account Data in accordance with the terms of this Policy; it may share parts of this data with the Bank from time to time. The Bank too will use such data in accordance with the terms of this Policy.
Means of Gathering Data
Data you input in the course of signing up and using FamPay’s services
User profile data: This includes your name, phone number, login name, profile picture (if any), and birthdate, email address.
Demographic data: Includes your name, age, gender, income, occupation and address (including city).
Address Book Contacts: If you grant FamPay access to the address book on your mobile device, then FamPay may access and store the names and contact information from your address book to facilitate invitations, social interactions and payments/transfers to your contacts through our Platform and for other purposes described in this Policy.
Feedback data and other data: We collect the data that you actively put into the Platform. This includes the follows:
Data we collect from your usage of our Services
Geolocation data: We collect the location data from your mobile device if enabled by you to do so. We may also collect this data when our Platform is running in the background of your mobile device. You will not be able to use critical and essential features of the Platform if you disable the location services.
Usage data: FamPay collects data about how you interact with our Services. This includes data such as access dates and times, Platform features or pages viewed, Platform crashes and other system activity, type of browser, and third-party sites or services used before interacting with our Services.
Device data: We may collect data about the devices used to access our Services, including the hardware models, device IP address, operating systems and versions, software, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data.
Cookies: We also collect information through the use of “cookies”, tracking pixels, and similar technologies to understand how you navigate through the Platform to learn your preferences. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and apps recognize your browser. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be accessed every time you use the Platform.
Information we receive from other sources
We may also be working closely with third parties (including, for example, business partners, technical sub-contractors, analytics providers, search information providers) and may receive information about you from such sources. Such data may be shared internally and combined with data collected on this Platform.
- B. We may collect from you, data associated with your usage of your Wallet, such as your Wallet transaction history, data in relation to you applying for and/or availing any services in relation to the Wallet, loads, transfers and spends made using the Wallet, KYC data, balances, payment details, for effecting transfer of funds through various payment channels provided by us. Collectively this data will be referred to as “Wallet Data”. We will have the right to use the Wallet Data in accordance with the terms of this Policy.
- 3. How And Why Do We Use Your Data?
Your data will be used for the fulfilment of the Services and developing and enabling new features. We have detailed the manner in which we use the collected data below:
Reason of Use
Manner of Use
Enabling our Services and updating our Platform features
We use the data collected to personalize, maintain, and improve our Services. This includes using the data to:
For enabling customer support
We use the information to provide customer support, including to resolve your concerns arising from the use of the Services, and train our customer service executives.
For research and development
We may use the data collected for research, analysis, and product development to improve the UI/UX experience, all of which will ultimately improve how you experience the Platform. This also helps us develop automated actions to be triggered in certain events, such as when we need to implement dynamic pricing, detecting fraud, account termination, amongst other things.
Enabling communication between users
We will allow you to share your Wallet transactions with your friends (other FamPay users in your phone contact list) through the Platform.
For marketing and outreach
We may use the data we collect to market the Platform and our Services. This includes sharing your feedback, ratings, screen names and photograph (if any) for purely promotion and marketing purposes. Such promotion and marketing may be done via hoardings, banners, pamphlets, online advertising etc.
We may use the data so collected to develop automated decision-making capabilities.
Legal compliance and requirements
We may use the data we collect to investigate or address claims or disputes relating to the use of our Services, or as otherwise allowed by Applicable Law, or as requested by regulators, government entities, and official inquiries.
- 4. How Do We Share The Collected Information?
The information we collect is shared only on a needs basis, i.e. we do not sell your data to any third parties for profit. However, we may enter into data-sharing agreements or disclose the collected data to third parties in order to provide the Services to you. We have detailed the manner in which we share the collected data below:
Person Shared With
Purpose for Sharing
Sharing with third parties
API and integration partners: If your connection to the Platform is enabled through an integration with a third-party service, we may share information about your use of the Platform with that third-party. We may share your information with our third-party partners in order to receive additional information about you. We may also share your information with third-party partners to create offers that may be of interest to you.
Service Providers: We work with third-party service providers to perform services on our behalf, and we may share your information with such service providers to help us provide our Services through the Platform.
Third-party services: The Platform may allow you to connect with other websites, products, or services that we do not have any control over. However, usage of such third-party services is subject to their privacy policies and not within our control. We recommend that you have a look at their privacy policies before agreeing to use their services.
Subsidiaries and holding companies: We share data with our subsidiaries and affiliates to help us provide our Services or conduct data processing on our behalf.
Change in control: While negotiating or in relation to a change of corporate control such as a restructuring, merger or sale of our assets, we may have to disclose our databases and information we have stored in the course of our operations.
Sharing with law enforcement when needed
If any governmental authority or law enforcement officers request or require any information and we think disclosure is required or appropriate in order to comply with laws, regulations, or a legal process.
- 5. How is Payment Data Handled?
We may provide the functionality to load your Wallet through debit card, credit card or any other payment mode and collect data in relation to such loading of your Wallet through these payment modes (“Payment Data”). The information regarding your Payment Data may be stored once you make the first payment by the card/other payment mode and is protected against unauthorized access. For this purpose, a certified payment provider is used whose systems meet the applicable security standards, such as for example PCI-DSS (Payment Card Industry – Data Security Standard). The Payment Data is stored by the contracted PCI-DSS-certified payment provider for recurring transactions. We do not, ourselves, store your Payment Data and if we ever do, it will be only in abbreviated form for analysis purposes or to prevent fraud.
In order to ensure that the debit/credit card/other payment mode is used by the legitimate owner and to prevent cases of fraud, the Payment Data and card information is transferred to one or more external payment security services. This transfer may also include additional personal data. The external payment security services may process personal data on our behalf.
- 6. What are Your Rights to Control the Data?
It is important for us that you remain in control of your data. You alone are the owner and manipulator of your data, and you shall have the right to restrict our usage of the data in the manner provided below. You should also remain informed of your rights with regards to the use of your data and information by us. Your rights with regards to your data are listed below.
Scope of the Right
Right to confirmation
You have the right to obtain a confirmation from us as to whether your personal data (your name, housing address, age, credit card information, amongst other data) is being processed.
Right to rectification
In the event that any personal data provided by you is inaccurate, you shall have the right to provide us with the accurate data and have us rectify such data at our end immediately.
We urge you to ensure that you provide us with accurate and correct information/data at all times in order to ensure your use of our Services is flawless.
Right to erasure
You have the right to demand us to erase your personal data without undue delay and we will do so without undue delay, provided that the data is no longer required by us.
However, rest assured that we will delete your personal data from our databases as soon as the legal basis for processing such personal data lapses. Do note that multiple legal bases for processing your personal data may exist in parallel and we may still have to retain some of your personal data at any time.
Right to the restriction of data processing
You have the right to require us to restrict the usage of data when the use of such data may be illegal or when such data is inaccurate.
Right to lodge a complaint
Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority against our use of any of your data.
Right to withdraw consent
You have the option, at any time while availing our Services or otherwise, to withdraw your consent given to us for processing your data. In case of withdrawal of your consent, we reserve the option not to provide the Services for which such information was sought. For withdrawing your consent, you may send an email to us at firstname.lastname@example.org. Your withdrawal will become effective upon the receipt of an acknowledgment by you from us.
Right to opt-out
Marketing opt-outs:You may opt out of receiving promotional emails from us by writing to us at email@example.com. You may also opt out of receiving emails and other messages from us by following the unsubscribe instructions in those messages. However, even if you have opted out of receiving information from us, we will still send non-promotional communications.
Push notifications: You can opt out of receiving push notifications through your device settings. Please note that opting out of receiving push notifications may impact your use of the Platform.
Location Information: While you can prevent your device from sharing location information at any time through its operating system settings, sharing such location is core to how the Platform works and without it we cannot provide our Services accurately to you.
- 7. What Are Our Data Security Practices?
We use appropriate technical and organizational security measures to ensure a level of protection to your personal data which is commensurate to the risk, taking into account state of the art technologies, implementation costs and the nature, scope, context and purposes of processing as well as the risk of likelihood and the degree of risk. The transfer of personal data between your end device and us is generally carried out in an encrypted form (TLS encryption). You can identify an encrypted connection by the lock symbol in the address line of your browser.If you communicate with us by email, access by third parties cannot be ruled out. In the case of confidential information, we recommend using encrypted email communication (PGP).
- 8. Children’s Privacy
We take the privacy of Minors very seriously. Please make sure that you as the Parent who accepts these terms on behalf of the Minor, supervise the types of data that the Minor shares with us. To make sure data shared by Minors is safe, we may (from time to time) integrate new mechanisms and safeguards on our Platform.
- 9. Communications From Us
We may from time to time send you service-related announcements when we consider it necessary to do so (such as when we temporarily suspend the Platform for maintenance, or security, privacy, or administrative-related communications). We send these to you via SMS or email, as we deem fit.
- 10. Updates To This Notice
We may occasionally update this Policy. Use of our Services after an update constitutes consent to the updated notice to the extent permitted by law. If we make significant changes, we will notify you of such changes in advance. Please take the time to periodically review this Policy for the latest information on our privacy practices.
- 11. Grievance Officer
We have appointed a grievance officer to address your concerns regarding data safety, privacy with regard to your FamPay Account. You may contact the Grievance Officer at:
Office hours: 12 noon to 7 PM.
Email address: firstname.lastname@example.org